


KB17872 - Network Connect does not work using proxy settings on Linux client



Last Modified Date: 9/1/2015 2:00 AM
Problem or Goal
When viewing the TCP dump of an SSL VPN connection from a Pulse Connect Secure server through a defined proxy server from Firefox, the traffic is initially proxied, but at some point during the connection it is redirected to go direct instead of using the proxy. If the default route is configured to use a proxy server for the connection to the VPN, any resource accessed through the VPN should be proxied first. Therefore, any traffic that is redirected to go direct to the target resource, rather than being proxied, will be blocked by the corporate firewall.

Consider the following scenario:

Remote Client --> Proxy server --> Firewall <--------------> PCS

All Web requests should go to the proxy server first.

In this scenario, all Network Connect tunneled traffic defined by the NC ACL goes directly to the resource via the virtual adapter IP address, and the proxy is only used during the initial authentication request to the PCS device. The proxy configuration is only applied to connect the VPN session.

In this scenario, it was also observed that other Web requests were going direct, thereby ignoring the proxy configuration, even though all traffic was expected to be proxied.  

These observations were made from a TCP dump captured on the Linux client with the above proxy configuration, and this behavior was only observed when connecting from Linux clients. Windows clients and Mac OS X clients exhibited the expected behavior, where all of the traffic went over the proxy server.

The client-side log ncsvc.log shows the following message in the initial VPN setup phase, "Will not use a proxy to connect to the PCS":
20100603105202.267167 ncsvc[p8975.t8975] Will not use a proxy to connect to the IVE (session.cpp:217)

The Pulse Connect Secure gateway does not support the use of NC with proxy configuration on Linux platforms. Therefore, if a Linux client is configured with a static proxy server for the default route, there is no guarantee whether the tunneled traffic with NC will be proxied or will go direct.

An enhancement request is pending to implement this feature.

If you are a customer facing this issue, please contact Pulse Secure support to find out the status of this enhancement.
Created By: Data Deployment


